We define a new subclass of nondeterministic finite automata for prefix-closed
languages called Flanked Finite Automata (FFA). We show that this
class enjoys good complexity properties while preserving the succinctness 
of nondeterministic automata. In particular, we show that the universality 
problem for FFA is in linear time and that language inclusion can be checked 
in polynomial time. A useful application of FFA is to provide an efficient 
way to compute the quotient and inclusion of regular languages without the 
need to use the powerset construction. These operations are the building 
blocks of several verification algorithms. 


1 Introduction 

While the problems of checking universality or language inclusion are known to be
computationally easy for Deterministic Finite Automata (DFA), they are PSPACE-complete
for Nondeterministic Finite Automata (NFA). On the other hand, the size of a NFA can
be exponentially smaller than the size of an equivalent minimal DFA. This gap in
complexity between the two models can be problematic in practice. This is for example
the case when using finite state automata for system verification, where we need to
manipulate a very large number of states.

Several works have addressed this problem by trying to find classes of finite automata
that retain the same complexity as DFA on some operations while still being more
succinct than the minimal DFA. A good survey on the notion of determinism for automata
is for example [3]. One such example is the class of Unambiguous Finite Automata
(UFA) [9, 10]. Informally, a UFA is a finite state automaton such that, if a word is
accepted, then there is a unique run which witnesses this fact, that is a unique sequence
of states visited when accepting the word. Like with DFA, the problems of universality
and inclusion for UFA are in polynomial time.

In this paper, we restrict our study to automata accepting prefix-closed languages.
More precisely, we assume that all the states of the automaton are final (which
corresponds exactly to the class of prefix-closed regular languages). This restriction is very
common when using NFA for the purpose of system verification. For instance, Kripke
structures used in model-checking algorithms are often interpreted as finite state
automata where all states are final. It is easy to see that, with this restriction to prefix-closed
languages, a UFA is necessarily deterministic. Therefore new classes of NFA, with the
same nice complexity properties as UFA, are needed in this context. We can also note
that the classical complexity results on NFA are still valid when we restrict to automata
accepting prefix-closed languages. For instance, given a NFA $A$ with all its states final,
checking the universality of $A$ is PSPACE-hard [7]. Likewise for the minimization
problem. Indeed there are examples of NFA with $n$ states, all final, such that the minimal
equivalent DFA has $2^n$ states [3, Sect. 7]. We provide such an example in Sect. 5 of this
paper. Therefore this restriction does not intrinsically change the difficulty of our task.

We define a new class of finite state automata called Flanked Finite Automata (FFA)
that has complexity properties similar to that of UFA but for prefix-closed languages.
Informally, a FFA includes extra information that can be used to check efficiently if
a word is not accepted by the automaton. In Sect. 3 we show that the universality
problem for FFA is in linear time while testing the language inclusion between two FFA
$A$ and $B$ is in time $O(|A| \cdot |B|)$, where $|A|$ denotes the size of the automaton $A$ in number
of states. In Sect. 4 we define several operations on FFA. In particular we describe how
to compute a flanked automaton for the intersection, union and quotient of two languages
defined by FFA. Finally, before concluding, we give an example of (a family of) regular
languages that can be accepted by FFA which are exponentially more succinct than their
equivalent minimal DFA.

Our main motivation for introducing this new class of NFA was to provide an efficient
way to compute the quotient of two regular languages $L_1$ and $L_2$. This operation,
denoted $L_1/L_2$ and defined in Sect. 4, is central in several automata-based verification
problems that arise in applications ranging from the synthesis of discrete controllers to
the modular verification of component-based systems. For example, it has been used
in the definition of contract-based specification theories or as a key operation
for solving language equations. With our approach, it is possible to construct the
quotient of two flanked automata, $A_1$ and $A_2$, using less than $|A_1| \cdot |A_2| + 1$ states;
moreover the resulting automaton is still flanked. We believe that this work provides the
first algorithm for computing the quotient of two languages without resorting to the
powerset construction on the underlying automata, that is without determinizing them.

2 Notations and Definitions


A finite automaton is a tuple $A = (Q, \Sigma, E, I)$ where: $Q$ is a finite set of states; $\Sigma$
is the alphabet of $A$ (that is a finite set of symbols); $E \subseteq Q \times \Sigma \times Q$ is the transition
relation; and $I \subseteq Q$ is the set of initial states. In the remainder of this text, we always
assume that every state of an automaton is final, hence we do not need a distinguished
subset of accepting states. Without loss of generality, we also assume that every state
in $Q$ is reachable in $A$ from $I$ following a sequence of transitions in $E$.

For every word $u \in \Sigma^*$ we denote $A(u)$ the subset of states in $Q$ that can be reached
when trying to accept the word $u$ from an initial state in the automaton. We can define
the set $A(u)$ by induction on the word $u$. We assume that $\epsilon$ is the empty word and we
use the notation $u\,a$ for the word obtained from $u$ by concatenating the symbol $a \in \Sigma$;
then:

    $A(\epsilon) = I$

    $A(u\,a) = \{ q' \in Q \mid \exists q \in A(u) .\ (q, a, q') \in E \}$

By extension, we say that a word $u$ is accepted by $A$, denoted $u \in A$, if the set $A(u)$
is not empty.

Definition 1. A Flanked Finite Automaton (FFA) is a pair $(A, F)$ where $A = (Q, \Sigma, E, I)$
is a finite automaton and $F : Q \times \Sigma$ is a “flanking function”, that associates symbols of
$\Sigma$ to states of $A$. We also require the following relation between $A$ and $F$:

    $\forall u \in \Sigma^*, a \in \Sigma .\ \big( (u \in A \wedge u\,a \notin A) \Leftrightarrow \exists q \in A(u) .\ (q, a) \in F \big)$    (F*)


We will often use the notation $q \xrightarrow{a} q'$ when $(q, a, q') \in E$, that is when there is a transition
from $q$ to $q'$ with symbol $a$ in $A$. Likewise, we use the notation $q \overset{a}{\nrightarrow}$ when $(q, a) \in F$.

With our condition that every state of an automaton is final, the relation $q \xrightarrow{a} q'$ states
that every word $u$ “reaching” $q$ in $A$ can be extended by the symbol $a$; meaning that
$u\,a$ is also accepted by $A$. Conversely, the relation $q \overset{a}{\nrightarrow}$ states that the word $u\,a$ is not
accepted. Therefore, in a FFA $(A, F)$, when $q \in A(u)$ and $(q, a) \in F$, then we know
that the word $u$ cannot be extended with $a$. In other words, the flanking function gives
information on the “frontier” of a prefix-closed language (the extreme limit over which
words are no longer accepted by the automaton), hence the use of the noun flank to
describe this class.

In the rest of the paper, we simply say that the pair $(A, F)$ is flanked when
condition (F*) is met. We also say that the automaton $A$ is flankable if there exists a flanking
function $F$ such that $(A, F)$ is flanked.


2.1 Testing if a Pair (A, F) is Flanked

We can use the traditional Rabin-Scott powerset construction to test whether $F$ flanks
the automaton $A = (Q, \Sigma, E, I)$. We build from $A$ the “powerset automaton” $p(A)$, a
DFA with alphabet $\Sigma$ and with states in $2^Q$ (also called classes) that are the sets of
states in $Q$ reached after accepting a given word prefix; that is all the sets of the form
$A(u)$. The initial state of $p(A)$ is the class $A(\epsilon) = I$. Finally, we have that $C \xrightarrow{a} C'$ in
$p(A)$ if and only if there is $q \in C$ and $q' \in C'$ such that $q \xrightarrow{a} q'$.

Figure 1: An example of non-flankable NFA (left) and its associated Rabin-Scott
powerset construction (right).

Let $F^{-1}(a)$ be the set $\{ q \mid q \overset{a}{\nrightarrow} \}$ of states that “forbid” the symbol $a$ after a word
accepted by $A$. Then the pair $(A, F)$ is flanked if, for every possible symbol $a \in \Sigma$ and
for every reachable class $C \in p(A)$ we have: $C \cap F^{-1}(a) \neq \emptyset$ if and only if there is no
class $C'$ such that $C \xrightarrow{a} C'$.

This construction shows that checking if a pair $(A, F)$ is flanked should be a costly
operation, that is, it should be as complex as exploring a deterministic automaton
equivalent to $A$. In Sect. 3 we prove that this problem is actually PSPACE-complete.


2.2 Testing if a NFA is Flankable 


It is easy to show that the class of FFA includes the class of deterministic finite state
automata; meaning that every DFA is flankable. If an automaton $A$ is deterministic,
then it is enough to choose the “flanking function” $F$ such that, for every state $q$ in $Q$,
we have $q \overset{a}{\nrightarrow}$ if and only if there are no transitions of the form $q \xrightarrow{a} q'$ in $A$. DFA are a
proper subset of FFA; indeed we give examples of NFA that are flankable in Sect. 5.

Conversely, if an automaton is not deterministic, then in some cases it is not
possible to define a suitable flanking function $F$. For example, consider the automaton
from Fig. 1 and assume, by contradiction, that we can define a flanking function $F$ for
this automaton. The word $b$ is accepted by $A$ but the word $b\,b$ is not, so by definition of
FFA (see eq. (F*)), there must be a state $q \in A(b)$ such that $q \overset{b}{\nrightarrow}$. Hence, because $q_1$ is
the only state in $A(b)$, we should necessarily have $q_1 \overset{b}{\nrightarrow}$. However, this contradicts the
fact that the word $a\,b$ is in $A$, since $q_1$ is also in $A(a)$.

More generally, it is possible to define a necessary and sufficient condition for the
existence of a flanking function; this leads to an algorithm for testing if an automaton
$A$ is flankable. Let $A^{-1}(a)$ denote the set of states reachable by words that can be
extended by the symbol $a$ (remember that we consider prefix-closed languages):

    $A^{-1}(a) = \bigcup \{ A(u) \mid u\,a \in A \}$

It is possible to find a flanking function $F$ for the automaton $A$ if and only if, for
every word $u \in A$ such that $u\,a \notin A$, the set $A(u) \setminus A^{-1}(a)$ is not empty. Indeed, in
this case, it is possible to choose $F$ such that $(q, a) \in F$ as soon as there exists a word
$u$ with $q \in A(u) \setminus A^{-1}(a)$.

Conversely, an automaton $A$ is not flankable if we can find a word $u \in A$ such that
$u\,a \notin A$ and $A(u) \subseteq A^{-1}(a)$. For example, for the automaton in Fig. 1 we have
$A^{-1}(b) = \{q_0, q_1, q_2\}$ while $b\,b \notin A$ and $A(b) = \{q_1\}$.

This condition can also be checked using the powerset construction. Indeed, we can
compute the set $A^{-1}(a)$ by taking the union of the classes in the powerset automaton
$p(A)$ that are the source of an $a$ transition. Then it is enough to test this set for inclusion
against all the classes that have no outgoing transitions labeled with $a$ in $p(A)$.
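
The two powerset-based tests of Sect. 2.1 and 2.2, written out as an added Python example (it is not code from the paper). The dictionary encoding of automata, the function names and both sample automata are assumptions made here; NFA_BAD is constructed to satisfy the facts the text states about Fig. 1 and is not copied from the figure.

```python
from collections import deque


def step(delta, states, a):
    """Successor class of a set of states on symbol a (one move of p(A))."""
    return frozenset(r for q in states for r in delta.get((q, a), ()))


def classes(init, delta, alphabet):
    """Reachable classes A(u) of the Rabin-Scott powerset automaton p(A)."""
    start = frozenset(init)
    seen, todo = {start}, deque([start])
    while todo:
        c = todo.popleft()
        for a in alphabet:
            nxt = step(delta, c, a)
            if nxt and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def is_flanked(init, delta, alphabet, flank):
    """Sect. 2.1: (A, F) is flanked iff, for every class C and symbol a,
    C meets F^-1(a) exactly when C has no a-successor in p(A)."""
    for c in classes(init, delta, alphabet):
        for a in alphabet:
            forbidden = any((q, a) in flank for q in c)
            blocked = not step(delta, c, a)
            if forbidden != blocked:
                return False
    return True


def find_flanking(init, delta, alphabet):
    """Sect. 2.2: return a flanking function for A, or None if A is not flankable."""
    cls = classes(init, delta, alphabet)
    flank = set()
    for a in alphabet:
        # A^-1(a): union of the classes that are the source of an a-transition
        can_extend = set().union(*(c for c in cls if step(delta, c, a)))
        for c in cls:
            if not step(delta, c, a):
                witnesses = c - can_extend
                if not witnesses:
                    return None  # A(u) is included in A^-1(a): no flanking function
                flank |= {(q, a) for q in witnesses}
    return flank


# Constructed samples: (initial states, delta), delta maps (state, symbol) -> successors.
ALPHABET = ("a", "b")
# b is accepted, bb is not, A(b) = {q1}, and q1 is also in A(a) while ab is accepted.
NFA_BAD = ({"q0"}, {("q0", "a"): {"q1", "q2"}, ("q0", "b"): {"q1"},
                    ("q2", "b"): {"q1"}})
# A deterministic automaton: its flanking function is the set of missing transitions.
DFA_OK = ({"q0"}, {("q0", "a"): {"q1"}, ("q1", "b"): {"q0"}})

if __name__ == "__main__":
    print(find_flanking(*NFA_BAD, ALPHABET))
    print(find_flanking(*DFA_OK, ALPHABET))
```

Both functions enumerate the reachable classes, so their cost is that of the powerset construction, which can be exponential in the number of states.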


3 Complexity Results for Basic Problems 

In this section we give some results on the complexity of basic operations over FFA. 

Theorem 1. The universality problem for FFA is decidable in linear time.

Proof. We consider a FFA $(A, F)$ with $A = (Q, \Sigma, E, I)$ and we want to check that every
word $u \in \Sigma^*$ is accepted by $A$. We assume that $Q$ and $I$ are not empty and that every
state is reachable in $A$. We also assume that the function $F$ is “encoded” as a mapping
from $Q$ to sequences of symbols in $\Sigma$.

We start by proving that $A$ is universal if and only if the relation $F$ is empty; meaning
that for all states $q \in Q$ it is not possible to find a symbol $a \in \Sigma$ such that $q \overset{a}{\nrightarrow}$. As a
consequence, all words reaching a state $q$ in $A$ can always be extended by any symbol
of $\Sigma$.


A universal implies F empty. If the automaton $A$ is universal then every word $u \in \Sigma^*$
is accepted by $A$ and can be extended by any symbol $a \in \Sigma$. Hence, by definition
of FFA (see eq. (F*)) we have that $(q, a) \notin F$ for all symbols $a$ in $\Sigma$. Hence $F$ is
the empty relation over $Q \times \Sigma$.


A not universal implies F not empty. Assume that $u$ is the shortest word not accepted
by $A$. We have that $u \neq \epsilon$, since $I$ is not empty. Hence there exists a word $v$ such
that $u = v\,a$ and $v$ is accepted. Again, by definition of FFA (see eq. (F*)), there
must be a state $q \in A(v)$ such that $q \overset{a}{\nrightarrow}$ and therefore $F$ is not empty.


As a consequence, to test whether $A$ is universal, it is enough to check whether there
is a state $q \in Q$ that is mapped to a non-empty set of symbols in $F$. Note that, given a
different encoding of $F$, this operation could be performed in constant time. □

We can use this result to settle the complexity of testing if an automaton is flankable. 

Theorem 2. Given an automaton $A = (Q, \Sigma, E, I)$ and a relation $F \subseteq Q \times \Sigma$, the
problem of testing if $(A, F)$ is a flanked automaton is PSPACE-complete when there are
at least two symbols in $\Sigma$.

Proof. We can define a simple nondeterministic algorithm for testing if $(A, F)$ is flanked.
We recall that the function $F^{-1}(a)$ stands for the set $\{ q \mid q \overset{a}{\nrightarrow} \}$ of states that “forbid”
the symbol $a$. As stated in Sect. 2.1, to test if $(A, F)$ is flanked, we need, for every
symbol $a \in \Sigma$, to explore the classes $C$ in the powerset automaton of $A$ and test whether
$C \xrightarrow{a} C'$ in $p(A)$ and whether $C \cap F^{-1}(a) = \emptyset$ or not. These tests can be performed using
$|Q|$ bits since every class $C$ and every set $F^{-1}(a)$ is a subset of $Q$. Moreover there are at
most $2^{|Q|}$ classes in $p(A)$. Hence, using Savitch’s theorem, the problem is in PSPACE.

In the other direction, we can reduce the problem of testing the universality of a NFA $A$
to the problem of testing if a pair $(A, \emptyset)$ is flanked, where $\emptyset$ is the “empty” flanking
function over $Q \times \Sigma$. The universality problem is known to be PSPACE-hard when the alphabet $\Sigma$ is
of size at least 2, even if all the states of $A$ are final [7]. Indeed, to test if $A$ is universal,
we showed in the proof of the previous theorem that it is enough to check that $(A, \emptyset)$
is flanked. Hence our problem is also PSPACE-hard. □


To conclude this section, we prove that the complexity of checking language inclusion
between a NFA and a FFA is in polynomial time, therefore proving that our new class
of automata has the same nice complexity properties as those of UFA. We say that the
language of $A_1$ is included in $A_2$, simply denoted $A_1 \subseteq A_2$, if all the words accepted by
$A_1$ are also accepted by $A_2$.

Theorem 3. Given a NFA $A_1$ and a FFA $(A_2, F_2)$, we can check whether $A_1 \subseteq A_2$ in
polynomial time.

Proof. Without loss of generality, we can assume that $A_1 = (Q_1, \Sigma, E_1, I_1)$ and $A_2 =
(Q_2, \Sigma, E_2, I_2)$ are two NFA over the same alphabet $\Sigma$. We define a variant of the classical
product construction between $A_1$ and $A_2$ that also takes into account the
“pseudo-transitions” $q \overset{a}{\nrightarrow}$ defined by the flanking functions.

We define the product of $A_1$ and $(A_2, F_2)$ as the NFA $A = (Q, \Sigma, E, I)$ such that
$I = I_1 \times I_2$ and $Q = (Q_1 \times Q_2) \cup \{\top\}$. The extra state $\top$ will be used to detect an
“error condition”, that is a word that is accepted by $A_1$ and not by $A_2$. The transition
relation of $A$ is such that:

• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} (q_1', q_2')$ in $A$;

• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \overset{a}{\nrightarrow}$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} \top$ in $A$.

We can show that the language of $A_1$ is included in the language of $A_2$ if and only if
the state $\top$ is not reachable in $A$. Actually, we show that any word $u$ such that $\top \in A(u)$
is a word accepted by $A_1$ and not by $A_2$.

We prove the first implication. Assume that every word $u$ accepted by $A_1$ is accepted
by $A_2$. Hence we can prove by induction on the size of $u$ that $A(u) \subseteq Q_1 \times Q_2$. On
the other hand, if $u$ is not accepted by $A_1$ then $u$ is not accepted by $A$ (there are no
transitions in this case). Hence, for all words in $\Sigma^*$, the set $A(u)$ does not contain $\top$.

For the other direction, assume that there is a word $u$ such that $\top \in A(u)$. The word
$u$ cannot be $\epsilon$ since $A(\epsilon) = I_1 \times I_2 \not\ni \top$. Therefore $u$ is of the form $v\,a$. Since there are no
transitions from $\top$ in $A$, there must be a pair $(q_1, q_2) \in Q_1 \times Q_2$ such that $q_1 \in A_1(v)$;
$q_2 \in A_2(v)$; $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \overset{a}{\nrightarrow}$ in $A_2$. By property (F*), since $(A_1, F_1)$ and $(A_2, F_2)$
are both flanked, we have that $v\,a \in A_1$ and $v\,a \notin A_2$, as required.

We cannot generate more than $|Q_1| \cdot |Q_2|$ reachable states in $A$ before finding the
error state $\top$ (or stopping the construction). Hence the problem is solvable in polynomial
time. □
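
The product of this proof, explored on the fly, as an added Python example (not code from the paper). The encoding, the function name and the sample automata are assumptions made here; the search stops as soon as the error state would be reached and returns the word that reaches it.

```python
from collections import deque


def included(nfa1, ffa2):
    """Check L(A1) included in L(A2) for an NFA A1 and a flanked pair (A2, F2).

    Returns (True, None), or (False, w) where w is accepted by A1 and not by A2.
    The answer is only meaningful when (A2, F2) satisfies condition (F*).
    """
    init1, delta1 = nfa1
    init2, delta2, flank2 = ffa2
    if init1 and not init2:
        return False, ()  # the empty word is accepted by A1 only
    # Outgoing transitions of A1, indexed by source state.
    out1 = {}
    for (q, a), succs in delta1.items():
        out1.setdefault(q, []).append((a, succs))
    # witness[(q1, q2)] is a word u with q1 in A1(u) and q2 in A2(u).
    witness = {(q1, q2): () for q1 in init1 for q2 in init2}
    todo = deque(witness)
    while todo:  # at most |Q1|.|Q2| pairs are ever queued
        q1, q2 = pair = todo.popleft()
        for a, succs in out1.get(q1, ()):
            if (q2, a) in flank2:
                # Second rule of the product: A1 can read a, A2 forbids it.
                return False, witness[pair] + (a,)
            for r1 in succs:
                for r2 in delta2.get((q2, a), ()):
                    if (r1, r2) not in witness:
                        witness[(r1, r2)] = witness[pair] + (a,)
                        todo.append((r1, r2))
    return True, None


# Constructed samples. FFA2 is a nondeterministic flanked automaton for the
# prefixes of (ab)*; delta maps (state, symbol) -> set of successors.
FFA2 = ({"s0"},
        {("s0", "a"): {"s1", "s2"}, ("s1", "b"): {"s0"}, ("s2", "b"): {"s0"}},
        {("s0", "b"), ("s1", "a"), ("s2", "a")})
NFA_IN = ({"t0"}, {("t0", "a"): {"t1"}, ("t1", "b"): {"t0"}})
NFA_OUT = ({"t0"}, {("t0", "a"): {"t1"}, ("t1", "b"): {"t0"}, ("t1", "a"): {"t1"}})

if __name__ == "__main__":
    print(included(NFA_IN, FFA2))   # same language: inclusion holds
    print(included(NFA_OUT, FFA2))  # NFA_OUT also accepts "aa"
```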


4 Closure Properties of Flanked Automata 


In this section, we study how to compute the composition of flanked automata. We 
prove that the class of FFA is closed by language intersection and by the “intersection 
adjunct”, also called quotient. On a negative side, we show that the class is not closed 
by non-injective relabeling. 

We consider the problem of computing a flanked automaton accepting the intersection
of two prefix-closed, regular languages. More precisely, given two FFA $(A_1, F_1)$ and
$(A_2, F_2)$, we want to compute a FFA $(A, F)$ that recognizes the set of words accepted
by both $A_1$ and $A_2$, denoted simply $A_1 \cap A_2$.

Theorem 4. Given two FFA $(A_1, F_1)$ and $(A_2, F_2)$, we can compute a FFA $(A, F)$ for
the language $A_1 \cap A_2$ in polynomial time. The NFA $A$ has size less than $|A_1| \cdot |A_2|$.


Proof. We define a classical product construction between $A_1$ and $A_2$ and show how to
extend this composition on the flanking functions. We assume that $A_i$ is an automaton
$(Q_i, \Sigma, E_i, I_i)$ for $i \in \{1, 2\}$.

The automaton $A = (Q, \Sigma, E, I)$ is defined as the synchronous product of $A_1$ and $A_2$,
that is: $Q = Q_1 \times Q_2$; $I = I_1 \times I_2$; and the transition relation is such that $(q_1, q_2) \xrightarrow{a} (q_1', q_2')$
in $A$ if both $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$. It is a standard result that $A$ accepts the
language $A_1 \cap A_2$.

The flanking function $F$ is defined as follows: for each accessible state $(q_1, q_2) \in Q$,
we have $(q_1, q_2) \overset{a}{\nrightarrow}$ if and only if $q_1 \overset{a}{\nrightarrow}$ in $A_1$ or $q_2 \overset{a}{\nrightarrow}$ in $A_2$. What is left to prove is that
$(A, F)$ is flanked, that is, we show that condition (F*) is correct:


• assume $u$ is accepted by $A$ and $u\,a$ is not; then there is a state $q = (q_1, q_2)$ in $A$
such that $q \in A(u)$ and $(q, a) \in F$. By definition of $A$, we have that $u$ is accepted
by both $A_1$ and $A_2$, while the word $u\,a$ is not accepted by at least one of them.
Assume that $u\,a$ is not accepted by $A_1$. Since $F_1$ is a flanking function for $A_1$, we
have by equation (F*) that $(q_1, a) \in F_1$; and therefore $(q, a) \in F$, as required.


• assume there is a reachable state $q = (q_1, q_2)$ in $A$ such that $q \in A(u)$ and $(q, a) \in
F$; then $u$ is accepted by $A$. We show, by contradiction, that $u\,a$ cannot be accepted
by $A$, that is $u\,a \notin A_1 \cap A_2$. Indeed, if so, then $u\,a$ will be accepted both by $A_1$
and $A_2$ and therefore we will have $(q_1, a) \notin F_1$ and $(q_2, a) \notin F_2$, which contradicts
the fact that $(q, a) \in F$.


□

Next we consider the adjunct of the intersection operation, denoted $A_1/A_2$. This
operation, also called quotient, is defined as the biggest prefix-closed language $X$ such
that $A_2 \cap X \subseteq A_1$. Informally, $X$ is the solution to the following question: what is
the biggest set of words $x$ such that $x$ is either accepted by $A_1$ or not accepted by $A_2$.
Therefore the language $A_1/A_2$ is always defined (and not empty), since it contains at
least the empty word $\epsilon$. Actually, the quotient can be interpreted as the biggest
prefix-closed language included in the set $L_1 \cup \overline{L_2}$, where $L_1$ is the language accepted by $A_1$
and $\overline{L_2}$ is the complement of the language of $A_2$. The quotient operation can also be
defined by the following two axioms:

    (Ax1) $A_2 \cap (A_1/A_2) \subseteq A_1$        (Ax2) $\forall X .\ A_2 \cap X \subseteq A_1 \Rightarrow X \subseteq A_1/A_2$

The quotient operation is useful when trying to solve language equation problems
and has applications in the domain of system verification and synthesis. For instance,
we can find a similar operation in the contract framework of Benveniste et al. [3] or in
the contract framework of Bauer et al. [2].

Our results on FFA can be used for the simplest instantiation of these frameworks,
that considers a simple trace-based semantics where the behavior of systems is given
as a regular set of words; composition is language intersection; and implementation
refinement is language inclusion. Our work was motivated by the fact that there are no
known effective methods to compute the quotient. Indeed, to the best of our
knowledge, all the approaches rely on the determinization of NFA, which is very expensive in
practice.

Our definitions of quotient could be easily extended to replace language intersection
by synchronous product and to take into account the addition of modalities [8].

Theorem 5. Given two FFA $(A_1, F_1)$ and $(A_2, F_2)$, we can compute a FFA $(A, F)$
for the quotient language $A_1/A_2$ in polynomial time. The NFA $A$ has size less than
$|A_1| \cdot |A_2| + 1$.

Proof. Without loss of generality, we can assume that $A_1 = (Q_1, \Sigma, E_1, I_1)$ and $A_2 =
(Q_2, \Sigma, E_2, I_2)$ are two NFA over the same alphabet $\Sigma$. Like in the construction for testing
language inclusion, we define a variant of the classical product construction between $A_1$
and $A_2$ that also takes into account the flanking functions.

We define the product of $(A_1, F_1)$ and $(A_2, F_2)$ as the NFA $A = (Q, \Sigma, E, I)$ such that
$I = I_1 \times I_2$ and $Q = (Q_1 \times Q_2) \cup \{\top\}$. The extra state $\top$ will be used as a sink state
from which every suffix can be accepted. The transition relation of $A$ is such that:

• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} (q_1', q_2')$ in $A$;

• if $q_2 \overset{a}{\nrightarrow}$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} \top$ in $A$ for all states $q_1 \in Q_1$;

• $\top \xrightarrow{a} \top$ for every $a \in \Sigma$.

Note that we do not have a transition rule for the case where $q_1 \overset{a}{\nrightarrow}$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$;
this models the fact that a word “that can be extended” in $A_2$ but not in $A_1$ cannot be
in the quotient $A_1/A_2$. It is not difficult to show that $A$ accepts the language $A_1/A_2$.
We give an example of the construction in Figure 2.

Figure 2: Construction for the quotient of two FFA $(A_1, F_1)$ and $(A_2, F_2)$, with
$F_1 = \{(q_0, b), (q_1, a)\}$, $F_2 = \{(q_1, a)\}$ and $F = \{(q_0, b), (q_2, b)\}$.

Next we show that $A$ is flankable and define a suitable flanking function. Let $F$ be the
relation in $Q \times \Sigma$ such that $(q_1, q_2) \overset{a}{\nrightarrow}$ if and only if $q_1 \overset{a}{\nrightarrow}$ in $F_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$. That
is, the symbol $a$ is forbidden exactly in the case that was ruled out in the transition
relation of $A$. What is left to prove is that $(A, F)$ is flanked, that is, we show that
condition (F*) is correct:


• Assume $u$ is accepted by $A$ and $u\,a$ is not. Since $u\,a$ is not accepted, it must be the
case that $q \neq \top$. Therefore there is a state $q = (q_1, q_2)$ in $A$ such that $q_1 \in A_1(u)$
and $q_2 \in A_2(u)$. Also, since there are no transitions with label $a$ from $q$, then
necessarily $q_1 \overset{a}{\nrightarrow}$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$. This is exactly the case where $(q, a) \in F$, as
required.


• Assume there is a reachable state $q$ in $A$ such that $q \in A(u)$ and $(q, a) \in F$.
Since $(q, a) \in F$, we have $q \neq \top$ and therefore $q = (q_1, q_2)$ with $q_1 \in A_1(u)$ and
$q_2 \in A_2(u)$. Hence $u$ is accepted by $A$. Next, we show by contradiction that $u\,a$
cannot be accepted by $A$. Indeed, if it was the case then $u\,a \in A_2$ and $u\,a \notin A_2$.
However, if $u\,a \in A_2$ then $(q_2, a) \notin F_2$ and so, by construction, $((q_1, q_2), a) \notin F$.


□ 

We give an example of the construction of the “quotient” FFA in Fig. 2. If we look
more closely at the construction used in Theorem 5 that defines an automaton for the
quotient of two FFA $(A_1, F_1)$ and $(A_2, F_2)$, we see that the flanking function $F_1$ is used
only to compute the flanking function of the result. Therefore, as a corollary, it is not
difficult to prove that we can use the same construction to build a quotient automaton for
$A_1/A_2$ from an arbitrary NFA $A_1$ and a FFA $(A_2, F_2)$. However the resulting automaton
may not be flankable.
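
The quotient construction of Theorem 5, as an added Python example (not code from the paper), with a brute-force cross-check against the definition of $A_1/A_2$ and against condition (F*) on all short words. The encoding, the names and the two sample automata are assumptions made here; the samples are constructed and are not the automata of Fig. 2.

```python
from itertools import product

TOP = "TOP"  # the extra sink state of the construction


def quotient(ffa1, ffa2, alphabet):
    """Return (init, delta, flank) for A1/A2, built on reachable states only."""
    (init1, delta1, flank1), (init2, delta2, flank2) = ffa1, ffa2
    init = {(q1, q2) for q1 in init1 for q2 in init2}
    delta, flank = {}, set()
    seen, todo = set(init), list(init)

    def add(src, a, dst):
        delta.setdefault((src, a), set()).add(dst)
        if dst not in seen:
            seen.add(dst)
            todo.append(dst)

    while todo:
        state = todo.pop()
        for a in alphabet:
            if state == TOP:
                add(TOP, a, TOP)            # every suffix is accepted from TOP
                continue
            q1, q2 = state
            if (q2, a) in flank2:           # A2 forbids a: move to the sink
                add(state, a, TOP)
            for r1 in delta1.get((q1, a), ()):
                for r2 in delta2.get((q2, a), ()):
                    add(state, a, (r1, r2))  # synchronous move
            if (q1, a) in flank1 and delta2.get((q2, a)):
                flank.add((state, a))       # the case ruled out of the transitions
    return init, delta, flank


def reach(init, delta, word):
    """Set A(u) of states reached on the word u."""
    current = set(init)
    for a in word:
        current = {r for q in current for r in delta.get((q, a), ())}
    return current


def agrees_with_definition(ffa1, ffa2, alphabet, max_len):
    """Compare the result with the definition on every word of length <= max_len."""
    init, delta, flank = quotient(ffa1, ffa2, alphabet)
    in1 = lambda w: bool(reach(ffa1[0], ffa1[1], w))
    in2 = lambda w: bool(reach(ffa2[0], ffa2[1], w))
    for n in range(max_len + 1):
        for u in product(alphabet, repeat=n):
            # Definition: every prefix is accepted by A1 or rejected by A2.
            expected = all(in1(u[:k]) or not in2(u[:k]) for k in range(n + 1))
            states = reach(init, delta, u)
            if bool(states) != expected:
                return False
            for a in alphabet:
                # Condition (F*) on the resulting pair (A, F).
                frontier = expected and not reach(init, delta, u + (a,))
                if frontier != any((q, a) in flank for q in states):
                    return False
    return True


# Constructed samples: FFA1 accepts {empty word, a}; FFA2 is nondeterministic
# and accepts the prefixes of (ab)*.
FFA1 = ({"x0"}, {("x0", "a"): {"x1"}},
        {("x0", "b"), ("x1", "a"), ("x1", "b")})
FFA2 = ({"s0"},
        {("s0", "a"): {"s1", "s2"}, ("s1", "b"): {"s0"}, ("s2", "b"): {"s0"}},
        {("s0", "b"), ("s1", "a"), ("s2", "a")})

if __name__ == "__main__":
    print(quotient(FFA1, FFA2, ("a", "b"))[2])
    print(agrees_with_definition(FFA1, FFA2, ("a", "b"), 5))
```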

We can also prove that flankability is preserved by language union: given two FFA
$(A_1, F_1)$ and $(A_2, F_2)$, we can compute a FFA $(A, F)$ that recognizes the set of words
accepted either by $A_1$ or by $A_2$, denoted $A_1 \cup A_2$. Operations corresponding to the
adjunct of the union or to the Kleene star closure are not interesting in the context of
automata where every state is final and therefore they are not studied in this paper.

Theorem 6. Given two FFA $(A_1, F_1)$ and $(A_2, F_2)$, we can compute a FFA $(A, F)$ for
the language $A_1 \cup A_2$ in polynomial time. The NFA $A$ has size less than
$(|A_1| + 1) \cdot (|A_2| + 1)$.

Proof. Like for language intersection and language inclusion, we base our construction
on a variant of the classical product construction between $A_1$ and $A_2$ and show how to
extend this composition on the flanking functions. We assume that $A_i$ is an automaton
$(Q_i, \Sigma, E_i, I_i)$ for $i \in \{1, 2\}$ and that both automata have the same alphabet.

We consider a special state symbol $\top$ not in $Q_1 \cup Q_2$. This state will be used in
$A$ when we start accepting words that are not in the intersection of $A_1$ and $A_2$. The
automaton $A = (Q, \Sigma, E, I)$ is such that: $Q \subseteq (Q_1 \cup \{\top\}) \times (Q_2 \cup \{\top\})$; $I = I_1 \times I_2$;
and the transition relation is such that:


• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} (q_1', q_2')$ in $A$;

• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ and $q_2 \overset{a}{\nrightarrow}$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} (q_1', \top)$ in $A$;

• if $q_1 \overset{a}{\nrightarrow}$ in $A_1$ and $q_2 \xrightarrow{a} q_2'$ in $A_2$ then $(q_1, q_2) \xrightarrow{a} (\top, q_2')$ in $A$;

• if $q_1 \xrightarrow{a} q_1'$ in $A_1$ then $(q_1, \top) \xrightarrow{a} (q_1', \top)$ in $A$;

• if $q_2 \xrightarrow{a} q_2'$ in $A_2$ then $(\top, q_2) \xrightarrow{a} (\top, q_2')$ in $A$.


It is not difficult to prove that the NFA $A$ accepts all the words in $A_1 \cup A_2$.

The flanking function $F$ is defined as the smallest relation such that, for each accessible
state $(q_1, q_2) \in Q_1 \times Q_2$:

• if both $q_1 \overset{a}{\nrightarrow}$ in $F_1$ and $q_2 \overset{a}{\nrightarrow}$ in $F_2$ then $(q_1, q_2) \overset{a}{\nrightarrow}$ in $F$;

• if $q_1 \overset{a}{\nrightarrow}$ in $F_1$ then $(q_1, \top) \overset{a}{\nrightarrow}$ in $F$;

• if $q_2 \overset{a}{\nrightarrow}$ in $F_2$ then $(\top, q_2) \overset{a}{\nrightarrow}$ in $F$.


We are left to prove that {A, F) is flanked, that is condition (F*) is correct. The proof 
is very similar to the one for Theorem □ 


The two main closure properties given in this section are useful when we want to check
language inclusion between the composition of several languages; for example if we need
to solve, for $X$, the equation $A_1 \cap \dots \cap A_n \cap X \subseteq B$. This is the case, for example, if we
need to synthesize a discrete controller, $X$, that satisfies a given requirement specification
$B$ when put in parallel with components whose behavior is given by $A_i$ (with $i \in 1..n$).
Indeed, even though there may be a small price to pay to “flank” the sub-components
of this equation, we can incrementally build a flanked automaton for $A_1 \cap \dots \cap A_n$ and
then compute efficiently the quotient $B / (A_1 \cap \dots \cap A_n)$.

Figure 3: Example of a FFA not flankable after relabeling c to a.


Even though the class of FFA enjoys interesting closure properties, there are operations 
that, when applied to a FFA, may produce a result that is not flankable. This is for 
example the case with “(non-injective) relabeling”, that is the operation of applying a 
substitution over the symbols of an automaton. The same can be observed if we consider 
an erasure operation, in which we can replace all transitions on a given symbol by an
$\epsilon$-transition. Informally, it appears that the property flankable can be lost when applying
an operation that increases the non-determinism of the transition relation. 

We can prove this result by exhibiting a simple counterexample, see the automaton
in Fig. 3. This automaton with alphabet $\Sigma = \{a, b, c\}$ is deterministic, so we
can easily define an associated flanking function. For example we can choose $F =
\{(q_1, b), (q_1, c), (q_2, a), (q_2, c), (q_3, a), (q_3, b), (q_3, c)\}$. However, if we substitute the
symbol $c$ with $a$ (that is we apply the non-injective relabeling function
$\{a \leftarrow a\}\{b \leftarrow b\}\{c \leftarrow a\}$), we obtain the non-flankable automaton described in Sect. 2.1 (see Fig. 1).


5 Succinctness of Flanked Automata 

In this section we show that a flankable automaton can be exponentially more succinct
than its equivalent minimal DFA. This is done by defining a language over an alphabet of
size $2n$ that can be accepted by a linear size FFA but that corresponds to a minimal DFA
with an exponential number of states. This example is due to Thomas Colcombet [4].

At first sight, this result may seem quite counterintuitive. Indeed, even if a flanked
automaton is built from a NFA, the combination of the automaton and the flanking
function contains enough information to “encode” both a language and its complement. This
is what explains the good complexity results on testing language inclusion for example.
Therefore we could expect worse results concerning the relative size of a FFA and an
equivalent DFA.

Theorem 7. For every integer $n$, we can find a FFA $(A_n, F)$ such that $A_n$ has $2n + 2$
states and such that the language of $A_n$ cannot be accepted by a DFA with less than $2^n$ states.

Proof. We consider two alphabets with $n$ symbols: $\Pi_n = \{1, \dots, n\}$ and $\Theta_n = \{\sharp_1, \sharp_2, \dots, \sharp_n\}$.
We define the language $L_n$ over the alphabet $\Pi_n \cup \Theta_n$ as the smallest set of words such
that:

• all words in $\Pi_n^*$ are in $L_n$, that is all the words that do not contain a symbol of
the kind $\sharp_i$;

• a word of the form $u\,\sharp_i$ is in $L_n$ if and only if $u$ is a word of $\Pi_n^*$ that contains at
least one occurrence of the symbol $i$. That is, $L_n$ contains all the words of the form
$\Pi_n^* \cdot i \cdot \Pi_n^* \cdot \sharp_i$ for all $i \in 1..n$. We denote $L_n^i$ the regular language consisting of the
words of the form $\Pi_n^* \cdot i \cdot \Pi_n^* \cdot \sharp_i$.

Clearly the language $L_n$ is the union of $n + 1$ regular languages; $L_n = \Pi_n^* \cup L_n^1 \cup \dots \cup L_n^n$.
It is also easy to prove that $L_n$ is prefix-closed, since the set of prefixes of the words in
$L_n^i$ is exactly $\Pi_n^*$ for all $i \in 1..n$.

A DFA accepting the language $L_n$ must have at least $2^n$ different states. Indeed it
must be able to record the subset of symbols in $\Pi_n$ that have already been seen before
accepting $\sharp_i$ as a final symbol; to accept a word of the form $u\,\sharp_i$ the DFA must know
whether $i$ has been seen in $u$ for all possible $i \in 1..n$.

Next we define a flankable NFA $A_n = (Q_n, \Pi_n \cup \Theta_n, E_n, \{p\})$ with $2n + 2$ states that
can recognize the language $L_n$. We give an example of the construction in Fig. 4 for
the case $n = 3$. The NFA $A_n$ has a single initial state, $p$, and a single sink state (a
state without outgoing transitions), $r$. The set $Q_n$ also contains two states, $p_i$ and $q_i$,
for every symbol $i$ in $\Pi_n$.

The transition relation $E_n$ is the smallest relation that contains the following triplets
for all $i \in 1..n$:

• the 3 transitions $p \xrightarrow{i} q_i$, $p_i \xrightarrow{i} q_i$, and $q_i \xrightarrow{i} q_i$;

• for every index $j \neq i$, the 3 transitions $p \xrightarrow{j} p_i$, $p_i \xrightarrow{j} p_i$, and $q_i \xrightarrow{j} q_i$;

• and the transition $q_i \xrightarrow{\sharp_i} r$.

Intuitively, a transition from $p$ to $p_i$ or $q_i$ will select non-deterministically which final
symbol is expected at the end of the word (which sub-language $L_n^i$ we try to accept).
Once a symbol in $\Theta_n$ has been seen (in one of the transitions of the kind $q_i \xrightarrow{\sharp_i} r$) the
automaton is stuck on the state $r$. It is therefore easy to prove that $A_n$ accepts the
union of the languages $L_n^i$ and their prefixes.

Finally, the NFA $A_n$ is flankable. It is enough to choose, for the flanking function,
the smallest relation on $Q_n \times \Theta_n$ such that $p_i \overset{\sharp_i}{\nrightarrow}$ and $p \overset{\sharp_i}{\nrightarrow}$ for all $i \in 1..n$; and such that
$r \overset{a}{\nrightarrow}$ for all the symbols $a \in \Pi_n \cup \Theta_n$. Indeed, it is not possible to accept the symbol $\sharp_i$
from the initial state, $p$, or from a word that can reach $p_i$, that is, it is not possible to
extend a word without any occurrence of the symbol $i$ with the symbol $\sharp_i$. Also, it is
not possible to extend a word that can reach the state $r$ in $A_n$. It is easy to prove that
this covers all the possible words not accepted by $A_n$. □

6 Conclusion 

We define a new subclass of NFA for prefix-closed languages called flanked automata.
Intuitively, a FFA $(A, F)$ is a simple extension of NFA where we add in the relation $F$
extra information that can be used to check (non-deterministically) whether a word is not
accepted by $A$. Hence a FFA can be used both to test whether a word is in the language
associated to $A$ or in its complement. As a consequence, we obtain good complexity
results for several interesting problems: universality, language inclusion, ... This idea of
adding extra information to encode both a language and its complement seems to be
new. It is also quite different from existing approaches used to define subclasses of
NFA with good complexity properties, like for example unambiguity [9, 10]. Our work
could be extended in several ways.

Figure 4: Flankable NFA for the language $L_3$.

First, we have implemented all our proposed algorithms and constructions and have 
found that—for several examples coming from the system verification domain—it was 
often easy to define a flanking function for a given NFA (even though we showed in 
Sect. 2.2 that it is not always possible). More experimental work is still needed, and in 
particular the definition of a good set of benchmarks. 

Next, we have used the powerset construction multiple times in our definitions, most
particularly as a way to test if a FFA is flanked or if a NFA is flankable. Other
constructions used to check language inclusion or simulation between NFA could be useful
in this context like, for example, the antichain-based method [1].

Finally, we still do not know how to compute a “succinct” flanked automaton from a
NFA that is not flankable. At the moment, our only solution is to compute a minimal
equivalent DFA (since DFA are always flankable). While it could be possible to
subsequently simplify the DFA (which is known to be computationally hard [6], even without
taking into account the flanking function), it would be interesting to have a more direct
construction. This interesting open problem is left for future investigations.